Access prioritization for private LTE radio service

ABSTRACT

Systems and methods for providing access prioritization to a private Long Term Evolution (LTE) network operating in a Citizens Broadband Radio Service (CBRS) spectrum include receiving, at a network device of the private Long Term Evolution (LTE) network, a functional group associated with a user equipment (UE) and a traffic load of a cell of the private LTE network associated with the UE. An access priority associated with the functional group and the traffic load is determined and provided to a CBRS access point (AP) which controls access to the cell. The access priority indicates to the CBRS AP a priority with which the UE is allowed to access the cell and can include a high priority, a low priority, or no access indication.

TECHNICAL FIELD

The present technology pertains to enterprise networks, and morespecifically to prioritization of access to private Long Term Evolution(LTE) service in a Citizens Broadband Radio Service (CBRS) spectrum,based on enterprise group affiliation.

BACKGROUND

The Citizen Broadcast Radio Service (CBRS) is a 150 MHz wide spectrum inthe 3550-3700 MHz frequency range in the United States. Some of thisspectrum is used by the United States government for their radarsystems. When portions of the spectrum are not in use, those portionscan be made available for use by other entities. The FederalCommunications Commission (FCC) created rules for commercial use of theCBRS spectrum. Enterprises can use this CBRS spectrum to set up privateLong-term Evolution (LTE) networks and allow access to consumer andInternet of Things (IoT) devices. Enterprises may expand and increasethe coverage density of private LTE networks by integrating CBRS intotheir wireless connectivity services. CBRS style shared spectrum in someother bands is also being planned in Europe and some other parts of theworld.

The CBRS spectrum use is governed by a three-tiered spectrumauthorization framework (incumbent access, priority access, generalauthorized access) to accommodate a variety of commercial uses on ashared basis with incumbent federal and non-federal users of the band.Incumbent access users include authorized federal and grandfatheredfixed satellite service users. Priority access consists of priorityaccess licenses assigned to competitive bidding within the band. Lastly,general authorized access is licensed-by-rule to permit open, flexibleaccess to any portion of the band not assigned to any of the two highertiers with respect to the widest possible group of potential users. Theaccess and operations for the band across the three different tiers aremanaged by a dynamic spectrum access system (SAS).

BRIEF DESCRIPTION OF THE DRAWINGS

In order to describe the manner in which the above-recited and otheradvantages and features of the disclosure can be obtained, a moreparticular description of the principles briefly described above will berendered by reference to specific embodiments thereof which areillustrated in the appended drawings. Understanding that these drawingsdepict only exemplary embodiments of the disclosure and are nottherefore to be considered to be limiting of its scope, the principlesherein are described and explained with additional specificity anddetail through the use of the accompanying drawings in which:

FIG. 1 illustrates an example CBRS network architecture according toaspects of this disclosure;

FIG. 2 a network environment for deploying a CBRS network, according toexample aspects of this disclosure;

FIGS. 3 and 4 illustrate example processes for providing accessprioritization based on functional groups in a CBRS network, accordingto example aspects of this disclosure;

FIG. 5 illustrates another process for providing access prioritizationbased on functional groups in a CBRS network, according to aspects ofthis disclosure;

FIG. 6 illustrates an example network device in accordance with variousexamples; and

FIG. 7 illustrates an example computing device in accordance withvarious examples.

DETAILED DESCRIPTION

Various embodiments of the disclosure are discussed in detail below.While specific implementations are discussed, it should be understoodthat this is done for illustration purposes only. A person skilled inthe relevant art will recognize that other components and configurationsmay be used without parting from the spirit and scope of the disclosure.Thus, the following description and drawings are illustrative and arenot to be construed as limiting. Numerous specific details are describedto provide a thorough understanding of the disclosure. However, incertain instances, well-known or conventional details are not describedin order to avoid obscuring the description. References to one or anembodiment in the present disclosure can be references to the sameembodiment or any embodiment; and, such references mean at least one ofthe embodiments.

Reference to “one embodiment” or “an embodiment” means that a particularfeature, structure, or characteristic described in connection with theembodiment is included in at least one embodiment of the disclosure. Theappearances of the phrase “in one embodiment” in various places in thespecification are not necessarily all referring to the same embodiment,nor are separate or alternative embodiments mutually exclusive of otherembodiments. Moreover, various features are described which may beexhibited by some embodiments and not by others.

The terms used in this specification generally have their ordinarymeanings in the art, within the context of the disclosure, and in thespecific context where each term is used. Alternative language andsynonyms may be used for any one or more of the terms discussed herein,and no special significance should be placed upon whether or not a termis elaborated or discussed herein. In some cases, synonyms for certainterms are provided. A recital of one or more synonyms does not excludethe use of other synonyms. The use of examples anywhere in thisspecification including examples of any terms discussed herein isillustrative only, and is not intended to further limit the scope andmeaning of the disclosure or of any example term. Likewise, thedisclosure is not limited to various embodiments given in thisspecification.

Without intent to limit the scope of the disclosure, examples ofinstruments, apparatus, methods and their related results according tothe embodiments of the present disclosure are given below. Note thattitles or subtitles may be used in the examples for convenience of areader, which in no way should limit the scope of the disclosure. Unlessotherwise defined, technical and scientific terms used herein have themeaning as commonly understood by one of ordinary skill in the art towhich this disclosure pertains. In the case of conflict, the presentdocument, including definitions will control.

Additional features and advantages of the disclosure will be set forthin the description which follows, and in part will be obvious from thedescription, or can be learned by practice of the herein disclosedprinciples. The features and advantages of the disclosure can berealized and obtained by means of the instruments and combinationsparticularly pointed out in the appended claims. These and otherfeatures of the disclosure will become more fully apparent from thefollowing description and appended claims, or can be learned by thepractice of the principles set forth herein.

Overview

Disclosed herein are systems, methods, and computer-readable media forproviding access prioritization to one or more devices to connect to aprivate LTE network in a CBRS spectrum based on functional groupsassociated with the one or more devices. In some examples, an employeeor enterprise functional group is associated with a cell identifier (ID)of a user equipment (UE). Based on the functional group of the cell towhich the UE is associated with, the UE may be allowed or prevented fromlatching on to the cell. Moreover, depending upon the functional group,the UE may be provided with preferential access of the cell.

In an example implementation, the Enterprise's authentication,authorization, and accounting (AAA) server is configured with the UE'sfunctional group. A Digital Network Architecture (DNA) appliance isconfigured with the access control and traffic priority based on thefunctional group and cell ID of the UE. The DNA appliance can also beprovided with cell specific load information for making decisions abouttraffic priority for a given group of UEs. After a UE latches on to aCBRS cell and tries to connect to the private LTE network, the privateLTE network can request the DNA appliance to provide access control andtraffic priority related information for the UE. The private LTE networkcan provide the UE's associated functional group and cell information tothe DNA appliance. The DNA appliance, based on the configuredinformation about the group access and priority and other loadinformation on the cell, can determine access control and trafficpriority information for the UE, which can be provided to an accesspoint (e.g., eNodeB) to effect appropriate access and priority treatmentto the UE.

In some examples, a method is provided. The method comprises receiving,at a network device of a private Long Term Evolution (LTE) networkoperating in a Citizens Broadband Radio Service (CBRS) spectrum, afunctional group associated with a user equipment (UE); receiving, atthe network device, a traffic load of a cell of the private LTE networkassociated with the UE; determining an access priority associated withthe functional group and the traffic load; and providing the accesspriority to a CBRS access point (AP) which controls access to the cell,wherein the access priority indicates to the CBRS AP a priority withwhich the UE is allowed to access the cell.

In some examples, a system is provided, the system comprising: one ormore processors; and a non-transitory computer-readable storage mediumcontaining instructions which, when executed on the one or moreprocessors, cause the one or more processors to perform operationsincluding: receiving, at a network device of a private Long TermEvolution (LTE) network operating in a Citizens Broadband Radio Service(CBRS) spectrum, a functional group associated with a user equipment(UE); receiving, at the network device, a traffic load of a cell of theprivate LTE network associated with the UE; determining an accesspriority associated with the functional group and the traffic load; andproviding the access priority to a CBRS access point (AP) which controlsaccess to the cell, wherein the access priority indicates to the CBRS APa priority with which the UE is allowed to access the cell.

In some examples, a non-transitory machine-readable storage medium isprovided, including instructions configured to cause a data processingapparatus to perform operations including: receiving, at a networkdevice of a private Long Term Evolution (LTE) network operating in aCitizens Broadband Radio Service (CBRS) spectrum, a functional groupassociated with a user equipment (UE); receiving, at the network device,a traffic load of a cell of the private LTE network associated with theUE; determining an access priority associated with the functional groupand the traffic load; and providing the access priority to a CBRS accesspoint (AP) which controls access to the cell, wherein the accesspriority indicates to the CBRS AP a priority with which the UE isallowed to access the cell.

In some examples, the access priority comprises a high priority, a lowpriority, or no access indication.

In some examples, the access priority for the UE comprises the no accessindication if the UE is authenticated to attach to the cell and one ormore UEs of functional groups with higher priority consume the trafficload of the cell.

In some examples, the no access indication is temporary for a period oftime until the traffic load of the cell decreases.

In some examples, providing the access priority to the CBRS AP includesproviding the access priority to a mobility management entity (MME) ofthe private LTE network, wherein the functional group is received fromthe MME based on the UE establishing a request to attach to the cell.

In some examples, the network device is a Digital Network Architecture(DNA) appliance of the private LTE network.

Some examples further comprise receiving o a user profile andsubscription information associated with the UE from one or moreauthentication, authorization, and accounting (AAA) servers of theprivate LTE network. In some examples, the one or more AAA serverscomprise a CBRS AAA server and an enterprise AAA server.

DESCRIPTION OF EXAMPLE EMBODIMENTS

The disclosed technologies address the need in the art for prioritizedaccess to Private LTE Radio service. Such access prioritization isrecognized as a desirable feature in some operating environments usingthe CBRS spectrum. For example, in an enterprise network, a user's (orUE's) enterprise group affiliation can form a basis for determining bothaccess to a network cell as well as prioritization of the access overusers of other groups. For example, considering an automobilemanufacturer with many diverse functional areas and with a mix of usersand Internet of Things (JOT) devices (e.g., robots) moving between CBRScells, it may be desirable to ensure that certain groups of users havehigher priority in certain locations over other groups. For example, arobot equipped with CBRS access may be deemed to have higher prioritythan a user accessing the network for streaming media content. Suchprioritization can provide the enterprise network with a capability isto ensure that network access is fully utilized while still guaranteeingconnectivity to certain high priority users.

In some examples, users belonging to a particular group (e.g., a DigitalNetwork Architecture Center (DNA-C) group) can be deemed to have higherpriority for CBRS network access in a certain location over usersbelonging to other groups. In existing CBRS spectrum utilization rules,a unique CBRS-Network identifier (CBRS-NID) is provided for eachenterprise deploying a CBRS Private LTE network. Additionally, all CBRSnetworks have a common, Shared Home Network Identifier (SHNI), where insome cases the SHNI value is “315-010”. The above two identifiersCBRS-NID and SHNI uniquely identify a CBRS enterprise network. Accordingto currently defined access provisions, all UEs belonging to anenterprise and having a profile which matches the CBRS-NID and SHNI ofthat enterprise (with other valid authentication credentials in somecases), can be allowed access to the enterprise network. According toexample aspects, improvements are provided over the currently definedaccess provisions, where these improvements can both allow/disallowaccess, as well as prioritize access (when allowed) to certain group ofUEs (e.g., based on their functional group IDs as mentioned above).

FIG. 1 illustrates an example deployment of a CBRS network 100. In theCBRS network 100, the CBRS spectrum can be used with 4G LTE technologyto support private LTE networks. Similar to LTE networks, the CBRSnetwork 100 can include an eNodeB, Core Network for Packet services andIMS for voice and multimedia services. In addition to the traditionalLTE networks, the CBRS network 100 can include an additional node shownas a Spectrum Access System (SAS) 110 to manage and control access tothe CBRS network 100. The SAS 110 can be implemented using a three-tierspectrum authorization framework to accommodate a variety of commercialuses on a shared basis with incumbent federal and non-federal users ofthe CBRS band.

The CBRS network 100 can be accessed by one or more UEs 102, identifiedas CBRS UEs. The UEs 102 can include various computing and networkingdevices such as mobile devices, laptops, desktops, etc. One or moreaccess points, identified as CBRS APs 104A-D, for example, can controland provide network access to the UEs 102. In some examples, the CBRSAPs 104A-D can include an Evolved Node B (eNodeB), a CBRS base stationsor CBRS device (CBSD), etc. The CBRS APs 104A-D can belong to differentnetworks or enterprises, e.g., a private LTE network, and maycommunicate directly with UEs 102 of that network. The CBRS APs 104A-D,CBSDs or eNodeBs configured to support the CBRS band can be categorizedinto two types: CBSD-Category A and CBSD-Category B

The SAS 110 can manage the three-tier license structure for thefollowing types of access. A first access license referred to as anIncumbent Access (IA) is an access license used by the US Navy and alsofor fixed satellite services (FSS). The IA access has absolute priorityover other type of allocation.

A second access license referred to as a Priority Access License (PAL)is an access license which can be used by hospitals, utilities andgovernment departments as well as non-critical users such as mobilenetwork operators (MNOs). The PAL is assigned using competitive biddingto various enterprises and commercial users within the 3550-3650 MHzfrequency block of the CBRS spectrum. Each access license under the PALis defined as a non-renewable authorization to use a 10 megahertzchannel in a single census tract (e.g., in a contained location or smallgeographic area/district) for a fixed period, e.g., three years. Up toseven total PALs may be assigned in any given census tract with up tofour PALs being granted to any single applicant. Applicants may acquireup to two consecutive PAL terms in any given license area during thefirst auction.

A third access license referred to as a General Authorized Access (GAA)is provided to users can potentially have access to all 150 megahertz inthe 3550-3700 MHz spectrum. GAA users are permitted to use any portionof the 3550-3700 MHz band not assigned to a higher tier user and mayalso operate opportunistically on unused Priority Access channels.

The SAS 110 can control operation of the CBRS APs 104A-D based on thethree-tiered licensing model. In some examples the SAS 110 can informthe CBRS APs 104A-D of frequency bands or channels to use in the CBRSspectrum and transmit/receive powers for any specific time or timeperiod. An interface between the SAS 110 and the CBRS APs 104A-D can bebased on the HTTP over Transport Layer Security (HTTP-TSL) protocol. Theinterface can include exchanges of messages for the followingoperations: a CBSD Registration Request/Response, a Spectrum InquiryRequest/Response, a Grant Request/Response, and a HeartbeatRequest/Response

When the CBRS APs 104A-D get powered on, they start the SAS-CBSDregistration procedure with the SAS 110 to gain access to the CBRSspectrum. For example, the CBRS APs 104A-D send their respectiveRegistration Requests (along with other parameters required by the SAS110). After a Registration Response from the SAS 110 indicating asuccessful registration, the CBRS APs 104A-D perform the SpectrumInquiry for the available channel information from the CBRS spectrum.Upon receiving a Spectrum Inquiry Response to the Spectrum Inquiry, theCBRS APs 104A-D send a Grant Request with one of the operating channelsand peak power indicated in the Spectrum Inquiry Response. The SpectrumInquiry is an optional procedure. In case of an Spectrum Inquiryfailure, the CBRS APs 104A-D can continue with a grant procedure. Inresponse to the Grant Request, the CBRS APs 104A-D gain approval for therequested frequency channel and the peak transmit power. The CBRS APs104A-D may also receive time period for the grant. Once the CBRS APs104A-D reach the granted state, they initiate a heartbeat procedure andreceive authorization from the SAS 110 for RF transmission.

The CBRS APs 104A-D can be provide corresponding access rules andpolicies to the UEs 102 for accessing the CBRS network 100 (or portionthereof) through respective CBRS APs 104A-D, where these rules andpolicies can include a frequency channel which has been allocated to theCBRS APs 104A-D, and according to example aspects, access permissionsand priorities.

An evolved packet core (EPC) 106 can also be deployed within the CBRSnetwork 100. The EPC 106 can provide a variety of different functionsfor the CBRS network 100. For example, the EPC 106 can manage sessionstates, authenticate, and manage communication associated with accesspoints and/or user equipment within the CBRS network 100. The EPC 106can also be used to route communications (e.g., data packets), managequality of service (QoS), and provide deep packet inspection (DPI)functionality within the CBRS network.

Further, the CBRS network 100 can include a digital network architecture(DNA) appliance 108, which can be configured to manage the CBRS APs104A-D. For example, the DNA appliance 108 can obtain the assignments ofeach of the CBRS APs 104A-D provided by the SAS 110. In some examples,the DNA appliance 108 can monitor performance of the CBRS APs 104A-D andassociated UEs 102 to detect when interference is present. In someexamples, the DNA appliance 108 can determine different parameters toassign to one or more of the CBRS APs 104A-D when interference isdetected, and dynamically re-assign the operational parameters of theaccess points to minimize and/or eliminate the detected interference. Inthis way, the DNA appliance 108 can resolve issues of interferencebetween the CBRS APs 104A-D and/or the UEs 202 that the SAS 110 may notbe able to account for.

FIG. 2 illustrates an environment 200 in which the CBRS network 100 canbe deployed according to example aspects of this disclosure. In anexample, the environment 200 can include a manufacturing facility withvarious zones. The zones are shown as non-overlapping geographicallocations for the sake of illustration of some example features, but thedisclosed aspects are equally applicable to the zones includingoverlapping geographical locations. An enterprise private LTE network220 which can be deployed using the CBRS spectrum in the environment 200can include a SAS which can be composed of various components.

The private LTE network 220 can provide access to the CBRS spectrum(e.g., to connect to the Internet 222) for one or more cells or zones,each of which can include a respective CBSD such as the cells 1 and 2shown with eNodeBs 204A-B, respectively (collectively, eNodeB 204). TheeNodeBs 204 can provide access to UEs 202 in the respective cells 1 and2.

In some examples, the private LTE network 220 can include a mobilitymanagement entity (MME) 206, which may be a key control-node for theprivate LTE network 220. The MME 206 can communicate with the eNodeBs204 in conjunction with a Serving Gateway (S-GW) 214 within an EvolvedPacket Core (EPC) or the private LTE network 220. The MME 206 can selectfrom one or more S-GWs for a UE 202 during a time of initial attachmentas well as during intra-LTE handovers involving Core Network (CN) noderelocation. The MME 206 can also select a packet data network (PDN)Gateway (P-GW) such as the P-GW 216 to connect to the PDN. In variousexamples, the MME 206 can act as a termination point for Non-AccessStratum (NAS) signaling, and also be configured to generate and allocatetemporary identities to the UEs 202.

In some examples, the MME 206 can authenticate the UEs 202 byinteracting with one or more authentication, authorization, andaccounting (AAA) modules such as the enterprise AAA 210 and the CBRS AAA212 according to aspects of this disclosure. In some examples, the UEs202 can each be associated with a respective functional group, and theenterprise AAA 210 and/or the CBRS AAA 212 can be configured to storethe functional groups of the UEs 202. The functional group of a UE 202can be tied to the cell ID (e.g., cell 1 or cell 2 in FIG. 2). Based onthe functional group of the cell 1 or cell 2 to which it is tied to, aUE 202 can be allowed to latch on to or access the respective cell 1 orcell 2. Further, depending upon the functional group tied to the cellfor a particular UE 202, the UE 202 may be given preferential traffictreatment while accessing the cell.

The MME 206 can also communicate with a DNA appliance 208 which can besimilarly configured to provide related functionality as the DNAappliance 108. In some examples, the DNA appliance 208 can assist theMME 206 with detecting and resolving issues of interference between theeNodeBs 204 and/or the UEs 202. In some examples, the DNA appliance 208can be configured with the access control and traffic priority based onthe functional group and cell ID (e.g., cell 1 or cell 2) of the UEs202. In some examples, the DNA appliance 208 can also be provided withcell specific load information (e.g., by the MME 206) for makingdecisions about traffic priority for a given functional group of UEs202.

As shown in FIG. 2, different access priority categories are identified,including a high priority 230A, a low priority 230B or a no access 232.A UE 202 of a functional group having high priority 230A is prioritizedfor access over a UE 202 of a functional group having low priority 230B.In some examples, the access priority for a UE 202 associated with afunctional group can be determined to be the no access 232 when one ormore UEs of functional groups with higher priority consume availableresources of the cell. The available resources of the cell, such asavailable bandwidth, can be based on the existing traffic load orbandwidth consumption of the cell. Thus, access to the cell is generallybased on available resources of the cell (e.g., based on the trafficload of the cell). In some cases, the no access 232 can be temporary andwithdrawn if the traffic load of the cell decreases after a period oftime.

When a UE 202 latches on (or attaches) to one of the cells (cell 1 orcell 2) and tries to connect to the private LTE network 220, the MME 206can request the DNA appliance 208 to provide access control and trafficpriority related information. In various examples, the DNA appliance 208can obtain the functional group and cell information from the privateLTE network 220 (e.g., illustratively shown as DNA configurationinformation 208A, with related configurations 210A and 212A also shownrespectively for the enterprise AAA 210 and CBRS AAA 212). The DNAappliance 208, can also obtain traffic load information in the cells.Based on the functional group and the traffic load, the DNA appliance208 can determine an access priority for UEs belonging to the functionalgroup and provide the MME 206 with the access control and priorityinformation for the functional group.

In some examples, the MME 206 can notify the respective eNodeBs 204about the priority information, so that the eNodeBs can provideappropriate treatment to the UEs 202. For example, for a UE 202 whosefunctional group falls within the no access 232 category in cell 1,access can be denied by the eNodeB 204A. For a group of UEs 202 withinthe cells 1 and 2 with high priority 230A, high priority access can beprovided by respective eNodeBs 204A and 204B. Similarly, for the groupof UEs within cell 1 with low priority 230B, low priority access can beprovided by the eNodeB 204A (i.e., based on prioritizing the highpriority 230A group of UEs 202 over the low priority 230B group of UEs202). Prioritizing a group of UEs 202 can include providing preferentialtreatment of traffic to/from the UEs 202 (e.g., in the high priority230A group). In some examples, additional priority levels (e.g., one ormore medium priority categories in between the high priority 230A andlow priority 230B) can also be included and prioritized in correspondingorder. In some examples, an IE CsgMemberShip Info field used in thecommunications of packets between the various nodes (e.g., from the DNAappliance 208 to the MME 206 to the eNodeBs 204) to include prioritytags, “high”, “medium”, “low”, “reject” to indicate the differentpriority levels and also access permissions for the UEs 202. In someexamples a cause code can be included for communicating to a UE 202which may be in a Closed Subscriber Group (CSG) with a validauthorization, but temporary denial of connectivity due, for example, toproviding available bandwidth to a higher priority group of UEs 202.

FIGS. 3-4 illustrate example processes 300 and 400 for implementing theabove-described functional group based access priority in private LTEnetworks. In some examples, the processes 300 and 400 can be implementedin the CBRS network 100 or the environment 200. It will be understoodthat the steps described with reference to the processes 300 and 400 canbe implemented in any order or any combination thereof, includingcombinations that exclude, add, or modify certain steps.

Starting with step 1 of process 300, one or more of the UEs 202 in cells1 or 2 can provide configuration information to a respective eNodeB 204.In step 2, the eNodeB 204 can register and provide the configuration(e.g., CSG cell ID) to the MME 206. In step 3, the CBRS AAA 212 canobtain or generate UE authorization and subscription information (e.g.,based on the configuration 212A for all UEs 202), which can be providedsubsequently to the MME 206. In step 4, the enterprise AAA 210 can beconfigured with the UE subscription profiles and authentication relatedinformation, including group ID mappings (e.g., based on theconfiguration 210A for all UEs 202), which can be provided subsequentlyto the MME 206. In step 5, the DNA appliance 208 can be configured withpriority of network access. For example, the DNA appliance 208 can beconfigured with information and priorities related to groups of UEs(e.g., based on the configuration 208A for the UEs 202), which can beprovided subsequently to the MME 206.

In step 6, the eNodeB 204 connects to the MME 206 (e.g., using a 51setup procedure) and informs the MME 206 about supported shared homenetwork identifier (SHNI), closed subscriber group (CSG) lists, etc. Instep 7, the eNodeB can broadcast the information for evaluating whethera UE 202 can access a cell, e.g., in the form of master informationblock (MIB), system information block (SIB), etc.

The UEs 102 may be associated with a Public Land Mobile Network (PLMN).A PLMN may be uniquely identified by a PLMN identifier (PLMN ID). A PLMNID may include a mobile country code (MCC) and a mobile network code(MNC). The UEs can be configured with a private enterprise PLMN ID anddifferent authentication modes. In some examples, the UEs can performPLMN selection and may attach to one of the CBSDs or eNodeBs 204 of theprivate LTE network 220, using a CBRS band. For example, in step 8, theeNodeBs 204 can broadcast information which is received by the UEs 202,where the information can include the PLMNs from the broadcast in step7. In step 9, the UEs 202 can perform a cell selection by comparing thePLMN IDs and CSGs and selecting a cell which supports the SHNI.

For UEs 202 which may wish to attach to a particular eNodeB 204, steps10-12 show attachment processes. The attachment processes can include arandom access procedure in step 10, a Radio Resource Control (RRC) instep 11, and RRC setup completion in step 12, upon which the UE 202 mayhave established intent to attach with the eNodeB 204. In step 13, theattachment request for the UE 202 can be forwarded from the eNodeB 204to the MME 206. In step 14, the MME 206 can download a subscriptionprofile for the UE 202 from the CBRS AAA 212.

In step 15, the MME 206 and/or the CBRS AAA can perform initialauthentication and security procedures. For example, whether the UE 202is allowed to attach or not can be determined in this step 15 (keepingin mind that this is different from the no access 232 priority which isa determination which is performed subsequently for a UE 202 which canattach but may be denied access due to other high priority accesseswhich may exhaust available bandwidth). If the UE 202 is allowed toattach, then in the step 16, the MME 206 can establish a channel forpossibly communicating with the UE 202.

In the step 17, the MME can download or collect the configuration andpriority information generated or obtained in the steps 3-5 for the UE202. For example, the information from the CBRS AAA 212, the enterpriseAAA 210, and the DNA appliance 208 obtained in the steps 3-5 above canbe referred to as a user profile which can include the functional groupID of the UE 202. The MME 206 can determine the functional group of theUE 202 based on its user profile in this step.

Referring to FIG. 4, the process 300 of FIG. 3 can continue to theprocess 400 of FIG. 4, starting with step 18, where the MME 206 canprovide the functional group determined for the UE 202 in step 17 to theDNA appliance 208. The DNA appliance 208 can consult its mapping tableor configuration 208A for example (or refer to step 5 of FIG. 3) toobtain the priority (e.g., high priority 230A or low priority 230B) forthe UE 202 and provide the priority to the MME 206. In step 20, the MME206 can also establish a PDN connection with one of the gateways S-GW214 or P-GW 216. Based on this, the MME 206 can provide an initialcontext and setup along with the priority of the UE 202 to the eNodeB204 in step 21.

In step 22, the eNodeB 204 can send an RRC connection reconfiguration(or an acceptance of the attachment request in step 12) to the UE 202,for which a high priority has been identified in this example. In step23, the PDN connection establishment is performed for the high priorityaccess of the UE 202. Steps 24-29 are similar to the steps 18-23discussed above, for the case of a low priority access. The steps 24-29may be performed as an alternative to the steps 18-23 in some cases.

Steps 30-33 correspond to a case where the UE 202 is denied access basedon its associated functional group, keeping in mind once again that thisis a case where the UE 202 is allowed to attach but may be denied access(e.g., on a temporary basis due to the traffic load). The steps 30-33may be performed as an alternative to the steps 18-29 in some cases. Instep 30, the MME 206 can provide the functional group determined for theUE 202 in step 17 to the DNA appliance 208. The DNA appliance 208 canconsult its configuration 208A for example (or refer to step 5 of FIG.3) to obtain the priority (e.g., high priority 230A or low priority230B) for the UE 202 and provide the priority to the MME 206. In step31, either a priority may not be found to be associated with thefunctional group or the priority may indicate no access. Based on this,the DNA appliance 208 can inform the MME 206 that the UE 202 is to berejected in step 32, which can be communicated to the UE in step 33.

Having described example systems and concepts, the disclosure now turnsto the process 500 illustrated in FIG. 5. The steps or blocks outlinedherein are examples and can be implemented in any combination thereof,including combinations that exclude, add, or modify certain steps.

At block 502, the process 500 can include receiving, at a network deviceof a private Long Term Evolution (LTE) network operating in a CitizensBroadband Radio Service (CBRS) spectrum, a functional group associatedwith a user equipment (UE). For example, the DNA appliance 208 of theprivate LTE network 220 can receive (e.g., at steps 18, 24, 30), arequest from the MME 206 which contains a functional group associatedwith a UE 202 which has attached to a cell.

At block 504, the process 500 can include receiving, at the networkdevice, a traffic load of a cell of the private LTE network associatedwith the UE. For example, the traffic load of the cells 1 and 2 of theenvironment 200 can be obtained from the eNodeBs 204.

At block 506, the process 500 can include determining an access priorityassociated with the functional group and the traffic load. For example,based on the configuration 208A and the traffic load, the DNA appliancecan obtain the priority for the UE 202 (e.g., as shown in steps 19, 25,and 31).

At block 508, the process 500 can include providing the access priorityto a CBRS access point (AP) which controls access to the cell, whereinthe access priority indicates to the CBRS AP a priority with which theUE is allowed to access the cell. For example, as shown in steps 20, 26,and 32, the access priority can be provided to the eNodeB 204 throughthe MME 206. The access priority can include a high priority, a lowpriority, or no access indication, where the access priority for the UEcomprises the no access indication if the UE is authenticated to attachto the cell and one or more UEs of functional groups with higherpriority consume the traffic load of the cell. In some examples, the noaccess indication is temporary for a period of time until the trafficload of the cell decreases.

In some examples, the DNA appliance can receive a user profile andsubscription information associated with the UE from one or moreauthentication, authorization, and accounting (AAA) servers of theprivate LTE network such as the CBRS AAA 212 server and an enterpriseAAA server 210.

FIG. 6 illustrates an example network device 600 suitable forimplementing policy agents and performing switching, routing, and othernetworking operations. The network device 600 includes a centralprocessing unit (CPU) 604, interfaces 602, and a connection 610 (e.g., aPCI bus). When acting under the control of appropriate software orfirmware, the CPU 604 is responsible for executing packet management,error detection, and/or routing functions. The CPU 604 preferablyaccomplishes all these functions under the control of software includingan operating system and any appropriate applications software. The CPU604 may include one or more processors 608, such as a processor from theINTEL X86 family of microprocessors. In some cases, the processor 608can be specially designed hardware for controlling the operations of thenetwork device 600. In some cases, a memory 606 (e.g., non-volatile RAM,ROM, etc.) also forms part of the CPU 604. However, there are manydifferent ways in which memory could be coupled to the system.

The interfaces 602 are typically provided as modular interface cards(sometimes referred to as “line cards”). Generally, they control thesending and receiving of data packets over the network and sometimessupport other peripherals used with the network device 600. Among theinterfaces that may be provided are Ethernet interfaces, frame relayinterfaces, cable interfaces, DSL interfaces, token ring interfaces, andthe like. In addition, various very high-speed interfaces may beprovided such as fast token ring interfaces, wireless interfaces,Ethernet interfaces, Gigabit Ethernet interfaces, ATM interfaces, HSSIinterfaces, POS interfaces, FDDI interfaces, WIFI interfaces, 3G/4G/5Gcellular interfaces, CAN BUS, LoRA, and the like. Generally, theseinterfaces may include ports appropriate for communication with theappropriate media. In some cases, they may also include an independentprocessor and, in some instances, volatile RAM. The independentprocessors may control such communications intensive tasks as packetswitching, media control, signal processing, crypto processing, andmanagement. By providing separate processors for the communicationsintensive tasks, these interfaces allow the master microprocessor 604 toefficiently perform routing computations, network diagnostics, securityfunctions, etc.

Although the system shown in FIG. 6 is one specific network device ofthe present technologies, it is by no means the only network devicearchitecture on which the present technologies can be implemented. Forexample, an architecture having a single processor that handlescommunications as well as routing computations, etc., is often used.Further, other types of interfaces and media could also be used with thenetwork device 600.

Regardless of the network device's configuration, it may employ one ormore memories or memory modules (including memory 606) configured tostore program instructions for the general-purpose network operationsand mechanisms for roaming, route optimization and routing functionsdescribed herein. The program instructions may control the operation ofan operating system and/or one or more applications, for example. Thememory or memories may also be configured to store tables such asmobility binding, registration, and association tables, etc. Memory 606could also hold various software containers and virtualized executionenvironments and data.

The network device 600 can also include an application-specificintegrated circuit (ASIC) which can be configured to perform routingand/or switching operations. The ASIC can communicate with othercomponents in the network device 600 via the connection 610, to exchangedata and signals and coordinate various types of operations by thenetwork device 600, such as routing, switching, and/or data storageoperations, for example.

FIG. 7 illustrates an architecture of a computing system 700 wherein thecomponents of the system 700 are in electrical communication with eachother using a connection 705, such as a bus. The example system 700includes a processing unit (CPU or processor) 710 and a systemconnection 705 that couples various system components including thesystem memory 715, such as read only memory (ROM) 720 and random accessmemory (RAM) 725, to the processor 710. The system 700 can include acache of high-speed memory connected directly with, in close proximityto, or integrated as part of the processor 710. The system 700 can copydata from the memory 715 and/or the storage device 730 to the cache 712for quick access by the processor 710. In this way, the cache canprovide a performance boost that avoids processor 710 delays whilewaiting for data. These and other modules can control or be configuredto control the processor 710 to perform various actions. Other systemmemory 715 may be available for use as well. The memory 715 can includemultiple different types of memory with different performancecharacteristics. The processor 710 can include any general purposeprocessor and a hardware or software service, such as service 1 732,service 2 734, and service 3 736 stored in storage device 730,configured to control the processor 710 as well as a special-purposeprocessor where software instructions are incorporated into the actualprocessor design. The processor 710 may be a completely self-containedcomputing system, containing multiple cores or processors, a bus, memorycontroller, cache, etc. A multi-core processor may be symmetric orasymmetric.

To enable user interaction with the computing system 700, an inputdevice 745 can represent any number of input mechanisms, such as amicrophone for speech, a touch-sensitive screen for gesture or graphicalinput, keyboard, mouse, motion input, speech and so forth. An outputdevice 735 can also be one or more of a number of output mechanismsknown to those of skill in the art. In some instances, multimodalsystems can enable a user to provide multiple types of input tocommunicate with the computing system 700. The communications interface740 can generally govern and manage the user input and system output.There is no restriction on operating on any particular hardwarearrangement and therefore the basic features here may easily besubstituted for improved hardware or firmware arrangements as they aredeveloped.

Storage device 730 is a non-volatile memory and can be a hard disk orother types of computer readable media which can store data that areaccessible by a computer, such as magnetic cassettes, flash memorycards, solid state memory devices, digital versatile disks, cartridges,random access memories (RAMs) 725, read only memory (ROM) 720, andhybrids thereof.

The storage device 730 can include services 732, 734, 736 forcontrolling the processor 710. Other hardware or software modules arecontemplated. The storage device 730 can be connected to the systemconnection 705. In one aspect, a hardware module that performs aparticular function can include the software component stored in acomputer-readable medium in connection with the necessary hardwarecomponents, such as the processor 710, connection 705, output device735, and so forth, to carry out the function.

For clarity of explanation, in some instances the present technology maybe presented as including individual functional blocks includingfunctional blocks comprising devices, device components, steps orroutines in a method embodied in software, or combinations of hardwareand software.

In some embodiments the computer-readable storage devices, mediums, andmemories can include a cable or wireless signal containing a bit streamand the like. However, when mentioned, non-transitory computer-readablestorage media expressly exclude media such as energy, carrier signals,electromagnetic waves, and signals per se.

Methods according to the above-described examples can be implementedusing computer-executable instructions that are stored or otherwiseavailable from computer readable media. Such instructions can comprise,for example, instructions and data which cause or otherwise configure ageneral purpose computer, special purpose computer, or special purposeprocessing device to perform a certain function or group of functions.Portions of computer resources used can be accessible over a network.The computer executable instructions may be, for example, binaries,intermediate format instructions such as assembly language, firmware, orsource code. Examples of computer-readable media that may be used tostore instructions, information used, and/or information created duringmethods according to described examples include magnetic or opticaldisks, flash memory, USB devices provided with non-volatile memory,networked storage devices, and so on.

Devices implementing methods according to these disclosures can comprisehardware, firmware and/or software, and can take any of a variety ofform factors. Typical examples of such form factors include laptops,smart phones, small form factor personal computers, personal digitalassistants, rackmount devices, standalone devices, and so on.Functionality described herein also can be embodied in peripherals oradd-in cards. Such functionality can also be implemented on a circuitboard among different chips or different processes executing in a singledevice, by way of further example.

The instructions, media for conveying such instructions, computingresources for executing them, and other structures for supporting suchcomputing resources are means for providing the functions described inthese disclosures.

Although a variety of examples and other information was used to explainaspects within the scope of the appended claims, no limitation of theclaims should be implied based on particular features or arrangements insuch examples, as one of ordinary skill would be able to use theseexamples to derive a wide variety of implementations. Further andalthough some subject matter may have been described in languagespecific to examples of structural features and/or method steps, it isto be understood that the subject matter defined in the appended claimsis not necessarily limited to these described features or acts. Forexample, such functionality can be distributed differently or performedin components other than those identified herein. Rather, the describedfeatures and steps are disclosed as examples of components of systemsand methods within the scope of the appended claims.

Claim language reciting “at least one of” a set indicates that onemember of the set or multiple members of the set satisfy the claim. Forexample, claim language reciting “at least one of A and B” means A, B,or A and B.

What is claimed is:
 1. A method comprising: receiving, at a networkdevice of a private Long Term Evolution (LTE) network operating in aCitizens Broadband Radio Service (CBRS) spectrum, a first functionalgroup associated with a user equipment (UE); assigning, to the firstfunctional group, a first priority to access a first cell of the privateLTE network, the first priority being different than a second priorityof the first functional group to access a second cell of the private LTEnetwork and a third priority of a second functional group to access thesecond cell; mapping the first functional group to a second cellidentifier of the second cell and the second priority to access thesecond cell; mapping the second functional group to the first cellidentifier of the first cell and a fourth priority to access the firstcell, the fourth priority being different than the first priority;mapping the second functional group to the second cell identifier of thesecond cell and the third priority to access the second cell, the thirdpriority being different than the second priority; receiving, at thenetwork device, a traffic load of the first cell of the private LTEnetwork; determining, for the first functional group, an access priorityfor the UE to access the first cell, the access priority being based onthe first priority to access the first cell and the traffic load; andproviding the access priority to a CBRS access point (AP) which controlsaccess to the first cell, wherein the access priority indicates to theCBRS AP a cell-specific priority with which the UE is allowed to accessthe first cell.
 2. The method of claim 1, wherein the access prioritycomprises a high priority, a low priority, or a no access indication. 3.The method of claim 2, wherein the access priority for the UE comprisesthe no access indication if the UE is authenticated to attach to thefirst cell and one or more UEs of functional groups with higher priorityconsume the traffic load of the first cell.
 4. The method of claim 3,wherein the no access indication is temporary for a period of time untilthe traffic load of the cell decreases.
 5. The method of claim 1,wherein providing the access priority to the CBRS AP includes providingthe access priority to a mobility management entity (MME) of the privateLTE network, wherein the first functional group is received from the MMEbased on the UE establishing a request to attach to the first cell. 6.The method of claim 1, wherein the network device is a Digital NetworkArchitecture (DNA) appliance of the private LTE network.
 7. The methodof claim 1, further comprising receiving a user profile and subscriptioninformation associated with the UE from one or more authentication,authorization, and accounting (AAA) servers of the private LTE network.8. The method of claim 7, wherein the one or more AAA servers comprise aCBRS AAA server and an enterprise AAA server.
 9. A system, comprising:one or more processors; and a non-transitory computer-readable storagemedium containing instructions which, when executed by the one or moreprocessors, cause the one or more processors to: receive, at a networkdevice of a private Long Term Evolution (LTE) network operating in aCitizens Broadband Radio Service (CBRS) spectrum, a first functionalgroup associated with a user equipment (UE); assign, to the firstfunctional group, a first priority to access a first cell of the privateLTE network, the first priority being different than a second priorityof the first functional group to access a second cell of the private LTEnetwork and a third priority of a second functional group to access thesecond cell; map the first functional group to a second cell identifierof the second cell and the second priority to access the second cell;map the second functional group to the first cell identifier of thefirst cell and a fourth priority to access the first cell, the fourthpriority being different than the first priority; map the secondfunctional group to the second cell identifier of the second cell andthe third priority to access the second cell, the third priority beingdifferent than the second priority; receive, at the network device, atraffic load of the first cell of the private LTE network; determine,for the first functional group, an access priority for the UE to accessthe first cell, the access priority being based on the first priority toaccess the first cell and the traffic load; and provide the accesspriority to a CBRS access point (AP) which controls access to the firstcell, wherein the access priority indicates to the CBRS AP acell-specific priority with which the UE is allowed to access the firstcell.
 10. The system of claim 9, wherein the access priority comprises ahigh priority, a low priority, or a no access indication.
 11. The systemof claim 10, wherein the access priority for the UE comprises the noaccess indication if the UE is authenticated to attach to the first celland one or more UEs of functional groups with higher priority consumethe traffic load of the first cell.
 12. The system of claim 11, whereinthe no access indication is temporary for a period of time until thetraffic load of the first cell decreases.
 13. The system of claim 9,wherein providing the access priority to the CBRS AP includes providingthe access priority to a mobility management entity (MME) of the privateLTE network, wherein the functional group is received from the MME basedon the UE establishing a request to attach to the cell.
 14. The systemof claim 9, wherein the instructions which, when executed by the one ormore processors, cause the one or more processors to receive a userprofile and subscription information associated with the UE from one ormore authentication, authorization, and accounting (AAA) servers of theprivate LTE network.
 15. The system of claim 14, wherein the one or moreAAA servers comprise a CBRS AAA server and an enterprise AAA server. 16.The system of claim 9, wherein the network device is a Digital NetworkArchitecture (DNA) appliance of the private LTE network.
 17. Anon-transitory machine-readable storage medium, including instructionsconfigured to cause a data processing apparatus to: receive, at anetwork device of a private Long Term Evolution (LTE) network operatingin a Citizens Broadband Radio Service (CBRS) spectrum, a firstfunctional group associated with a user equipment (UE); assign, to thefirst functional group, a first priority to access a first cell of theprivate LTE network, the first priority being different than a secondpriority of the first functional group to access a second cell of theprivate LTE network and a third priority of a second functional group toaccess the second cell; map the first functional group to a second cellidentifier of the second cell and the second priority to access thesecond cell; map the second functional group to the first cellidentifier of the first cell and a fourth priority to access the firstcell, the fourth priority being different than the first priority; mapthe second functional group to the second cell identifier of the secondcell and the third priority to access the second cell, the thirdpriority being different than the second priority; receive, at thenetwork device, a traffic load of the first cell of the private LTEnetwork; determine, for the first functional group, an access priorityfor the UE to access the first cell, the access priority being based onthe first priority to access the first cell and the traffic load; andprovide the access priority to a CBRS access point (AP) which controlsaccess to the first cell, wherein the access priority indicates to theCBRS AP a cell-specific priority with which the UE is allowed to accessthe first cell.
 18. The non-transitory machine-readable storage mediumof claim 17, wherein the access priority comprises a high priority, alow priority, or no access indication.
 19. The non-transitorymachine-readable storage medium of claim 18, wherein the access priorityfor the UE comprises the no access indication if the UE is authenticatedto attach to the first cell and one or more UEs of functional groupswith higher priority consume the traffic load of the first cell.
 20. Thenon-transitory machine-readable storage medium of claim 19, wherein theno access indication is temporary for a period of time until the trafficload of the first cell decreases.